Newscast

Microsoft Defender hit by actively exploited zero-day flaws

By Nik

May 31, 2026

Most Windows users think of Microsoft Defender as the software that protects them from malware. Recent security patches are a reminder that even security tools can become targets themselves.

Microsoft has fixed two vulnerabilities in Defender that were reportedly exploited in real-world attacks before patches became available. One flaw could allow attackers to gain elevated privileges on a compromised system, while the other could interfere with Defender’s ability to function correctly.

The first vulnerability, tracked as CVE-2026-41091, affects the Microsoft Malware Protection Engine, the component responsible for scanning files and detecting threats. In the wrong hands, the flaw could help an attacker move from limited access to much deeper control over a system.

The second issue, CVE-2026-45498, impacts the Microsoft Defender Antimalware Platform and could potentially be used to disrupt parts of Defender’s protection mechanisms. While it doesn’t directly hand over control of a PC, weakening security software can make other attacks easier to execute.

What makes these bugs noteworthy is where they were found. Defender isn’t just another application running on Windows; it operates with extensive access to files, memory, processes, and system activity. That level of privilege is necessary for detecting threats, but it also makes Defender an attractive target for cybercriminals.

The good news is that Microsoft has already released fixes. Systems running Defender Engine version 1.1.26040.8 or later and Antimalware Platform version 4.18.26040.7 or later are protected from these specific vulnerabilities.

For most home users, the updates should arrive automatically. However, it’s still worth manually checking that Defender is up to date, particularly on devices that rarely connect to the internet or have Windows Update restrictions in place.
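One way to run that manual check, as an added example that is not from the article or from Microsoft: saved as a script, it reads the versions reported by the `Get-MpComputerStatus` cmdlet and compares them with the minimum fixed versions quoted above. The function name `Test-DefenderPatchLevel`, the sample object and the exit codes are assumptions made for illustration.

```powershell
# Added example. Minimum fixed versions are the ones quoted in the article.
$Minimum = [ordered]@{
    AMEngineVersion  = [version]'1.1.26040.8'   # Malware Protection Engine, CVE-2026-41091
    AMProductVersion = [version]'4.18.26040.7'  # Antimalware Platform, CVE-2026-45498
}

function Test-DefenderPatchLevel {   # hypothetical helper name
    param([Parameter(Mandatory)] $Status)  # any object with the two version properties
    foreach ($name in $Minimum.Keys) {
        $parsed = $null
        # Compare as [version], not as strings: '1.1.9999.0' sorts after '1.1.26040.8' as text.
        $valid = [version]::TryParse([string]$Status.$name, [ref]$parsed)
        [pscustomobject]@{
            Component = $name
            Installed = $Status.$name
            Required  = $Minimum[$name]
            Patched   = $valid -and ($parsed -ge $Minimum[$name])
        }
    }
}

# Constructed sample: engine is at the fixed version, platform is an older build.
$sample = [pscustomobject]@{ AMEngineVersion = '1.1.26040.8'; AMProductVersion = '4.18.26030.3' }
Test-DefenderPatchLevel -Status $sample | Format-Table -AutoSize

# Live check on this machine.
try {
    $result = Test-DefenderPatchLevel -Status (Get-MpComputerStatus -ErrorAction Stop)
    $result | Format-Table -AutoSize
    if ($result.Patched -contains $false) { exit 1 }   # at least one component is below the fix
} catch {
    # Raised when the Defender module or service is unavailable, e.g. another AV product is active.
    Write-Warning "Could not query Defender: $($_.Exception.Message)"
    exit 2
}
```

A non-zero exit code lets a management tool flag devices that are still below either fixed version or that could not report a version at all.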